Datenschutzerklärung
Privacy Policy · Stand / Last updated: March 2026
1. Verantwortlicher / Controller
openUC2 GmbH
Hans-Knöll-Straße 6
07745 Jena, Deutschland
Geschäftsführer / CEO: Dr. Benedict Diederich
E-Mail: hello@openuc2.com
Telefon: +49 159 0199 9271
The controller within the meaning of Article 4(7) GDPR responsible for the processing of personal data on this website is the company listed above.
2. Overview of data processing
When you visit our websites (openuc2.com, shop.openuc2.com, docs.openuc2.com), we process personal data only to the extent necessary for the provision of a functional website, our content and services, and to fulfill contractual obligations. We process personal data only with the user’s consent or where a legal basis permits it.
3. Your rights (Art. 15–21 GDPR)
You have the following rights regarding your personal data:
- Right of access (Art. 15): You may request information about what personal data we store about you.
- Right to rectification (Art. 16): You may request correction of inaccurate data.
- Right to erasure (Art. 17): You may request deletion of your data, subject to legal retention obligations.
- Right to restriction (Art. 18): You may request restriction of processing under certain conditions.
- Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority for Thuringia is:
Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit (TLfDI)
Häßlerstraße 8, 99096 Erfurt
www.tlfdi.de
4. Hosting
This website is hosted by Amazon Web Services EMEA SARL (AWS). The server location is in the EU (Frankfurt am Main, Germany). When you access our website, your browser transmits the following data, which is stored in server log files:
IP address, date and time of access, browser type and version, operating system, referrer URL, requested page.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure website operation).
Retention: Log files are deleted after 30 days.
Data processing agreement (DPA): We have concluded a DPA with AWS in accordance with Art. 28 GDPR.
6. Google Analytics
With your consent, we use Google Analytics 4 (by Google Ireland Limited) to analyze website usage. Google Analytics uses cookies and transmits usage data to Google servers. We have enabled IP anonymization so that your IP address is truncated within the EU before transmission.
Legal basis: Art. 6(1)(a) GDPR (your consent via cookie banner).
Data transfer: Google LLC (USA) is certified under the EU-US Data Privacy Framework.
Retention: 14 months.
Opt-out: You can opt out by declining analytics cookies in our consent banner, or by installing the Google Analytics opt-out browser add-on.
7. Contact forms and email
When you contact us via a form on our website or by email, the data you provide (name, email, message, and optionally company and salutation) is processed to handle your inquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in answering inquiries).
Retention: We store contact form data for 12 months after your last interaction, unless a contractual relationship requires longer retention. You may request deletion at any time.
8. Online shop (shop.openuc2.com)
Our online shop is operated on the Odoo platform (Odoo S.A., Belgium). When you make a purchase, we collect and process the following data: name, billing and shipping address, email address, phone number, and payment information.
Legal basis: Art. 6(1)(b) GDPR (contract fulfillment).
Payment processing: Payment data is processed by our payment service provider(s) and is not stored on our servers.
Retention: Order data is retained for the statutory retention period of 10 years (§ 147 AO, § 257 HGB) after which it is deleted.
Odoo DPA: We have concluded a data processing agreement with Odoo S.A.
9. Newsletter
If you subscribe to our newsletter, we process your email address to send periodic updates about our products, events, and community. We use a double opt-in procedure: after signing up, you receive a confirmation email that you must click to activate your subscription.
Legal basis: Art. 6(1)(a) GDPR (your consent).
Unsubscribe: You can unsubscribe at any time via the link in every newsletter email, or by emailing us.
10. YouTube embeds
We embed videos from YouTube (Google Ireland Limited) using the privacy-enhanced mode (youtube-nocookie.com). In this mode, YouTube does not set cookies until you click to play the video.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in presenting multimedia content). When you click play, Art. 6(1)(a) GDPR (consent) applies.
Data transfer: Google LLC (USA) — certified under the EU-US Data Privacy Framework.
11. Third-party services and data transfers
| Service | Provider | Purpose | Safeguard |
|---|---|---|---|
| AWS (Hosting) | Amazon Web Services EMEA SARL | Website hosting (EU-Frankfurt) | EU servers, DPA |
| Odoo (Shop) | Odoo S.A., Belgium | E-commerce platform | EU company, DPA |
| Google Analytics | Google Ireland Ltd. | Website analytics | EU-US DPF, consent |
| YouTube | Google Ireland Ltd. | Video embeds | EU-US DPF, privacy mode |
| Discourse | Discourse.org (US) | Community forum | SCCs |
| GitHub | GitHub/Microsoft (US) | Open-source repos | EU-US DPF |
12. SSL/TLS encryption
All our websites use SSL/TLS encryption (HTTPS) for the secure transmission of data.
13. Changes to this policy
We may update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available at this URL. Last updated: March 2026.